[
https://issues.apache.org/jira/browse/SENTRY-1609?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15857572#comment-15857572
]
Alexander Kolbasov edited comment on SENTRY-1609 at 2/8/17 7:24 AM:
--------------------------------------------------------------------
It seems that the simplest way to fix it is to just rewrite
{{getGroupsByRoles()}} to call {{delegate.getMSentryRoleByName()}} which will
get a role. Then we can just walk the role groups and add each group's name to
a resulting set.
was (Author: akolb):
It seems that the simplest way to fix it is to just rewrite {{
getGroupsByRoles() }} to call {{ delegate.getMSentryRoleByName() }} which will
get a role. Then we can just walk the role groups and add each group's name to
a resulting set.
> DelegateSentryStore is subject to JDQL injection
> ------------------------------------------------
>
> Key: SENTRY-1609
> URL: https://issues.apache.org/jira/browse/SENTRY-1609
> Project: Sentry
> Issue Type: Bug
> Components: Sentry
> Affects Versions: 1.8.0, sentry-ha-redesign
> Reporter: Alexander Kolbasov
> Assignee: Alexander Kolbasov
> Attachments: SENTRY-1609.001.patch
>
>
> The fix for SENTRY-1476 missed one case in DelegateSntryStore that should be
> addressed as well.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
